Fiverr down and Flashplayer virus

[flyby]

Why is this thread now not visible on the first page?



Fiverr get your act together. Stop trying to bury this - There are undoubtedly machines that have been affected by this and your complete denial is doing damage.



You are well aware of the file that was on the server as multiple users including myself have contacted support about this.

[kashmiah]

Hi Everyone,



Just confirming after speaking with our DevOps team. The site wasn’t hacked & user information was not exposed.



To be extra cautious, if you don’t see HTTPS in the browser, then you are not using a safer version of Fiverr.com. We only HTTPS for Fiverr.com.

[flyby]

@kasmiah



You have a multitude of users telling you a specific file was forced downloaded from the site. The file exsisted on your servers and was an infected file as pointed out in the above links and by other users.



Why are you continuing to deny this. If the site wasn’t hacked how did this file get onto the servers and our machines? Why have you not informed the wider community?



The issue is not about user information. Files delivered from Fiverr have now affected an untold amount of machines and you’re not making anyone aware of this.

[steveeyes]

Actually I used Norton and Malewarebytes (both I have a paid subscription) and neither one detected it (yes my database was updated). The key to detection was doing a boot scan to check the root. Maybe Norton and maleware does root scans but I could not find. A friend suggested AVAST and they have an option called boot scan (same thing as root scan). AVAST at least detected the virus but for me it was too late and the damage had already been done. Windows was still messed up when done so I had to reinstall windows. I guess when time permits I’m going to look for a good virus scan but for now this problem put me behind the power curve so I must get busy doing my gigs (I lost a gig I had completed and I have to do it again-- ugh!)



What is confusing about Fiverr’s denial is that when I clicked Fiverr to open it, that is when I got the download flash message. It even said it was coming from fiverr.com. So either the hacker was very cleaver and not even Fiverr knows it was hacked or I’m delusional – maybe both 🙂



I guess asking your own team that works for you is like your wife testifying for you in court. There are independent sites out there that said Fiverr was hacked. I did put a link to one but it was removed. If fiverr wasn’t hacked than what are they afraid of. Oh well, it is Fiverr’s site so they can do as they deem necessary but I’m a bit skeptical because of the way it happen.



I’m even skeptical of those that say they were not effected but I hope that is the case. This virus is clever and it can easily hide from detection and in some cases you may not know you have it.



Hackers and scammers. Don’t you just love them. I just hope it doesn’t happen again.

[flyby]

We should never be able to access a non https version as you should have re-directs in place. So how is it possible we did?



You appear to be using a play on words here to deceive users. The site may not have been hacked but was your DNS hacked?

[dtongsports]

Shouldn’t have to do all this, Fiverr should own up to it and apologize publically.



So… gigs not showing up in search, hacked site, and trying to implement sellers buying advertising to advertise their gigs within the site…Might be time to jump ship!

[emeraldawnn]

I’m supposing I dodged a bullet because I was gone during the timeframe this apparently happened and didn’t get on Fiverr for most of the early afternoon until nearly 3 p.m. (CDT). I never saw a file downloaded or issue with Fiverr being compromised until I read this post.



Thank goodness I went ahead and went to my part-time job.

[forcedlogic]

Reply to @buzzkillington: Well I can’t argue with that, no personal information was taken or damaged during the attack. However if someone’s computer was compromised due to a virus that was hosted from fiverr’s servers and a person’s information was stolen then Fiverr could easily be named in a class action lawsuit as one of the people responsible for hosting such a virus whether they had knowledge or not, it’s their web address property that infected said number of countless people.



The best thing they can do at this point is stop flip flopping and acknowledge the hack or attack and respond to customer complaints better.

[buzzkillington]

Reply to @forcedlogic: Anything can happen. But it’s a company based in Israel and I have no idea what the rules of lawsuits are there. If they were willingly neglectful in patching their servers and you can prove it, maybe it’s possible. Who konws.

[mgjohn78]

Reply to @kashmiah:

Ah so the cdn company was compromised? Noticed other sites using same cdn company were hit at around the same time!

[steveeyes]

Reply to @emeraldawnn: As long as you see https as part of Fiverr’s URL you should b safe.

[gabriela3]

Thanks for the tips…Fiverr was out also for me but I just got a 404 error…no flasplayer/trojan offer…you never know though…



Reply to @flyby:

why would they want to admit that the website might not be safe…think what will that do to…



it really seemed like a nice place but seeing that users really got problems and how the staff answered …is not very reassuring



Reply to @dtongsports:

ow so that’s what it was with that questionnaire